-
Notifications
You must be signed in to change notification settings - Fork 682
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
md5sum matcher returns wrong value for a binary file in windows #1898
Comments
This is caused by Train (the underlying transport library that InSpec uses to run commands and read files) gets the content of the file and pulls it back to the host running InSpec in order to compute the checksum. The checksum is not calculated on the remote host. On Windows, the file content is gathered as such:
... which you can see in the code here: https://github.com/chef/train/blob/master/lib/train/extras/file_windows.rb#L34 Outputting a binary file as a string and then calculating the checksum is obviously not going to yield the results you're looking for. I don't believe this was ever intended to do checksums on non-text files, hence the issue you're experiencing. Here's what it looks like as if InSpec were doing the calculations. You can see the checksums are different even though the source file is the same - one is the original file, and one is the string representation of the original file:
Thank you for logging this issue, @kenichi-yamada-nssol. I will flag this as a bug and leave this issue opened for further analysis by the other maintainers. |
For your information, using the combination "Get-Content -Encoding Byte" and "Set-Content -Encoding Byte" can handle a file as keep the same as original bytes. Any other similar method is acceptable, it is important to avoid CRLF conversion in text mode, anyway.
|
@kenichi-yamada-nssol the challenge for us is that we compute things like checksums on the machine on which InSpec was initially run. So I could initiate an InSpec run against a Windows host from my macOS workstation and I should be able to compute the checksum of a Windows file. Currently, we do that by grabbing the content of the file (incorrectly, I might add, for binary files) and bringing it back to the InSpec workstation and then using the Ruby stdlib to compute the digest. While I realize this isn't terribly efficient, it's the only way we can guarantee a higher rate of success; for example, Certificate Utilities may not be installed on the target Windows machine, so we don't want to rely on using Your tip of using |
@adamleff - what do you think about adding a md5 method to the file resource and shelling to compute the hash? Doing something like this in windows? |
I know so little about Windows... is This is where it's defined in Train: https://github.com/chef/train/blob/master/lib/train/extras/file_common.rb#L44-L50 I'd override that method within https://github.com/chef/train/blob/master/lib/train/extras/file_windows.rb |
Closing this error in favor of tracking in inspec/train#235. |
Description
md5sum matcher returns wrong hash value for a binary file in Windows environment. I suspect the wrong value is calculated from wrong bits obtaining through unnecessary conversion caused by using of text mode. Please fix it to use binary mode for a binary file?
InSpec and Platform Version
Replication Case
obtaining md5sum value for notepad.exe using Certutil.
control/md5sum.rb
execute test
I can get the same value as Inspec reported like below:
Possible Solutions
Stacktrace
The text was updated successfully, but these errors were encountered: